nustrk.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain nustrk.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in September of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Austin, Texas, in the United States, on the YHC Corporation network.
Remove Malware from nustrk.com - Powered by Reason Core Security
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Texas, United States (US)

Create date:
Friday, September 20, 2013

Expires date:
Sunday, September 20, 2015

Updated date:
Sunday, September 21, 2014

ASN:
AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc,VG

Scanner detections:
Detections  (97% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.TINYINSTALLER.R, PUP.Installer.WARPINSTALL.Z, PUP.Installer.WARPINSTALL.X, PUP.Installer.INSTALLDOTEXE.I, PUP.Installer.WARPINSTALL.P, PUP.Installer.WARPINSTALLER.O, PUP.Installer.WARPINSTALLER.F, PUP.Installer.SystemApplet.S, PUP.INSTALLMYSOFTWARE.N, PUP.Installer.ClickAccept.N, PUP.Installer.SafeDown.M, PUP.Installer.SOFTWAREINSTALLER.S, PUP.Installer.SafeDown.R, PUP.Installer.Fileangels.F, PUP.Installer.SafeDown.Q, PUP.Installer.Fileprotected.F, PUP.Installer.FileFalcon.V, PUP.Installer.Fileadventure, PUP.Bundler.Adknowledge, PUP.Adknowledge.Bundler, PUP.Adknowledge.Installer, PUP.Adknowledge.TINYINSTALLER.Installer (M), PUP.Adknowledge.Bundler (M), PUP.Adknowledge.SafeDown.Bundler (M), PUP.Adknowledge.FusionInstall.Installer (M), PUP.Adknowledge.INSTALLDOTEXE.Installer (M), PUP.Adknowledge.Dashboot.Installer (M)
100.00%

Malwarebytes
PUP.Optional.OptimumInstaller.A, PUP.Optional.OptimunInstaller, PUP.Optional.iBryte, PUP.Optional.Ibryte, PUP.Optional.IBryte
81.82%

VIPRE Antivirus
Trojan.Win32.Generic, Optimum Installer, Threat.4150696, Threat.4778314, Threat.4798837, Threat.5064731
81.82%

AVG
Generic_s, MalSign.Generic, Generic35, Adware AdPlugin.CI, Adware AdPlugin.JE, Win.Threat.Medium, Adware AdPlugin.AIV, Adware AdPlugin.AKC
78.79%

K7 Gateway Antivirus
Unwanted-Program, Trojan, Adware
75.76%

Dr.Web
Adware.Downware.2249, Trojan.Packed.25441, Trojan.DownLoader9.59424, Trojan.Packed.26508, Trojan.Packed.27655, Adware.Downware.6099
75.76%

Comodo Security
Application.Win32.IBryte.S, Application.Win32.iBryte.IHT, Application.Win32.iBryte.R, Application.Win32.IBryte.U, Application.Win32.iBryte.WRP
72.73%

Avira AntiVirus
Adware/iBryte.qoemno, ADWARE/Adware.Gen7, Adware/iBryte.A.17418, Adware/iBryte.bxjq, ADWARE/iBryte.Gen7, Adware/iBryte.bxou
72.73%

Kaspersky
not-a-virus:Downloader.Win32.Agent, not-a-virus:AdWare.Win32.iBryte, Trojan.Win32.Badur, Trojan.Win32.Buzus, Trojan-Downloader.Win32.Adload
69.70%

Vba32 AntiVirus
Downloader.Agent, suspected of Trojan.Downloader.gen.h, SScope.Malware-Cryptor.iBryte, AdWare.iBryte, Trojan.Buzus
69.70%

K7 AntiVirus
Unwanted-Program, Adware, Riskware
69.70%

NANO AntiVirus
Trojan.Win32.Downware.cvgamb, Trojan.Win32.Buzus.crvmcc, Trojan.Win32.IBryte.cwbnyw, Trojan.Win32.Badur.cxnrwx, Trojan.Win32.Agent.cxjjsz
69.70%

Sophos
iBryte Optimum Installer, iBryte Premium Installer, Mal/Inject-CEE, PUA 'iBryte Optimum Installer'
66.67%

avast!
Win32:IBryte-BY [PUP], Win32:PUP-gen [PUP], Win32:Somoto-N [PUP], Win32:IBryte-CY [PUP], Win32:IBryte-DB [PUP], Win32:IBryte-DY [PUP]
66.67%

Kingsoft AntiVirus
Win32.Troj.DownAgent.bk.(kcloud), Win32.Troj.iBryte.j.(kcloud), Win32.Troj.Undef.(kcloud), Win32.Troj.Badur.hr.(kcloud)
63.64%

The domain nustrk.com has been seen to resolve to the following 5 IP addresses.

209-99-40-222.fwd.datafoundry.com
October 29, 2015

August 17, 2014

August 17, 2014

December 23, 2013

December 23, 2013

File downloads found at URLs served by nustrk.com.

36 / 68    (Adware)

The following 3 files have been seen to communicate with nustrk.com in live environments.

URL:
http://nustrk.com/

SSL certificate subject:
CN=sni60371.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
Apache
